Data breaches as the main security threat
Being one of the biggest online markets, the United States sees a considerable share of global cyber crime. As of December 2022, almost half of the users in the country surveyed said they had ever experienced a cyber attack. Furthermore, around eight in ten U.S. board directors believed their organization was at risk of a material cyber attack in the upcoming year.Cyber attacks usually target the most mission-critical industries, such as healthcare, or those that directly control a large amount of money, like financial institutions. The manufacturing sector often falls victim to cyber attacks because of its complexity and the many parties involved. Besides mentioned factors, these organizations store essential and often sensitive customer information.
The most common types of cyber crime in the United States causing data compromises were phishing, smishing, and business e-mail compromise (BEC) attacks. In 2022, organizations around the country experienced 461 such incidents. However, the actual number of attacks could vary, as not all organizations report experiencing cyber crime due to potential harm to their reputation.
Control measures to protect consumer data
While data breaches are the result, mishandling and improper measures to protect the collected data are frequently the cause of consumers directly feeling the impact of cyber crime. In 2018, the European Union was the first to implement a law that protects data privacy. The legislation applies to companies, including foreign enterprises, that operate within the EU.Although the United States has no common law protecting the data privacy of its citizens, a few states have already developed such legislation locally. California, home of many tech companies, has two laws protecting data privacy: the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Other states having implemented privacy laws include Colorado, Connecticut, Virginia, and Utah. Many other states have already taken steps toward developing similar regulations, which are currently in the process of discussion.
These regulations highly affect companies' attitudes toward consumer data, forcing them prioritize cyber security and be more transparent about the data collection process. Since its enactment in January 2020, the CCPA has been cited in 244 legal filings until February 2023. Companies were also being held accountable for not handling consumer data properly before the implementation of privacy regulations in the United States. To date, the most significant fine for a data breach issued in the United States was the 2019 Equifax fine of at least 575 million. Despite the regulations being active, many companies still lack compliance. According to the latest data, over half of U.S. companies legally expected to comply with the CCPA did not present sufficient compliance. Furthermore, around 40 percent provided manual compliance, while only eight percent were ready to correspond with the legislation.
Consumers battling cyber crime
While companies are expected to employ various data protection technologies, individuals on their end also need to protect their personal information actively . Given the rising awareness about data protection and privacy, currently, an increasing number of people are interested in using security tools like virtual private networks (VPN), ad blocking, or a password manager. Additionally, recent data shows that seven in ten U.S. internet users are up to date on data breaches.However, on the other side of the spectrum are the users who would not mind exchanging personal information in return for free access to online services like e-mail, messengers, and social networks.